New to the world of commercial certs, thanks in advance for any advice/guidance.
Our only outbound service is email, hosted on MS Exchange 2016 (2019 in medium-term future). Internally we have several services with browser interfaces. Most of these are hosted on MS Server 2016 boxes (also 2019 in medium-term future) but one is on RHEL 7.
I am trying to solve two problems: externally, many email recipients report delivery to junk/spam mail, although we're not on any blacklists and our reputation is neutral; and internally, browsers complain about the self-signed certs and some deny access entirely.
My reading suggests that I want a wildcard TLS/SSL certificate. Looks like I can install on multiple servers, both internal and external, as long as they all know the private key that generated the original CSR.
Am I reading internet info correctly, and do you see any red flags in what I'm trying to do? Thanks very much.
To solve the first problem, you may need to set up SPF/DKIM/DMARC records in the public DNS for your domain. It is not really a problem related to certificates.
You can find many documents on the Internet about this topic.
To solve the second problem, you can either import the self-signed certificates to the Trusted Root Certification Authorities of the client devices to have them trust these certificates, or use a commercial certificate which by default will be trusted by the clients.
Here is a Microsoft document about Exchange certificates which may be helpful for your reference: Digital certificates and encryption in Exchange Server
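As an added example (not part of the thread): a small Python linter for the SPF, DKIM and DMARC TXT records mentioned in the answer above, run over constructed record strings for example.com. The function names and sample values are assumptions for illustration; look up the real TXT records with your DNS tool and pass them in as strings.

```python
# Added example: lint SPF, DKIM and DMARC TXT record strings (no DNS lookups).

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM/DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # keep '=' padding inside values
            tags[key.strip().lower()] = value.strip()
    return tags

def lint_spf(apex_txt):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return permerror"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        redirected = any(t.startswith("redirect=") for t in terms)
        return [] if redirected else ["no 'all' mechanism: unlisted senders get neutral"]
    ok = all_terms[0][0] in "-~"  # only -all / ~all fail or softfail other senders
    return [] if ok else ["'all' does not fail unlisted senders: " + all_terms[0]]

def lint_dkim(selector_txt):
    """Findings for the TXT record at <selector>._domainkey.<domain>."""
    has_key = bool(parse_tags(selector_txt or "").get("p"))
    return [] if has_key else ["missing or empty p= tag: no usable public key"]

def lint_dmarc(dmarc_txt):
    """Findings for the TXT records at _dmarc.<domain>."""
    recs = [parse_tags(r) for r in dmarc_txt if r.lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["expected exactly one DMARC record, found %d" % len(recs)]
    findings = []
    policy = recs[0].get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("policy p=%s does not act on failing mail" % (policy or "<missing>"))
    if "rua" not in recs[0]:
        findings.append("no rua= address: no aggregate reports")
    return findings

# Constructed sample records for example.com (192.0.2.25 is a documentation address).
SAMPLE_SPF = ["v=spf1 mx ip4:192.0.2.25 ?all"]
SAMPLE_DMARC = ["v=DMARC1; p=none"]
```

An empty list from each function means none of these checks fired; it does not prove that receivers will accept the mail.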